Hacking News

Hacking incidents, ethical hacking, and cybercrime updates.

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes
Hacking News
1 min read

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes

Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprisi

CyberShield TeamRead More
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
Hacking News
1 min read

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one har

CyberShield TeamRead More
Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It
Hacking News
1 min read

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead. That is the finding in a proof-of-concept published Wednesday by t

CyberShield TeamRead More
AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
Hacking News
1 min read

AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers

Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders. The age

CyberShield TeamRead More
GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures
Hacking News
1 min read

GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures

New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a s

CyberShield TeamRead More
New Ghost Phishing Wave Is Breaking Traditional Email Security
Hacking News
1 min read

New Ghost Phishing Wave Is Breaking Traditional Email Security

A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypt

CyberShield TeamRead More
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware
Hacking News
1 min read

New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware

AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its

CyberShield TeamRead More
SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users
Hacking News
1 min read

SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic Sec

CyberShield TeamRead More
The Verification Step Is the New ATO Battleground in 2026
Hacking News
1 min read

The Verification Step Is the New ATO Battleground in 2026

For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was cheap, s

CyberShield TeamRead More
Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
Hacking News
1 min read

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and ar

CyberShield TeamRead More
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
Hacking News
1 min read

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome a

CyberShield TeamRead More
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case
Hacking News
1 min read

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the bloc

CyberShield TeamRead More
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
Hacking News
1 min read

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "A

CyberShield TeamRead More
European Parliament Member Investigating Spyware Was Hacked With Pegasus
Hacking News
1 min read

European Parliament Member Investigating Spyware Was Hacked With Pegasus

A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving

CyberShield TeamRead More
New Avalon Malware Framework Packs CrownX Ransomware Capabilities
Hacking News
1 min read

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditio

CyberShield TeamRead More
New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
Hacking News
1 min read

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Andro

CyberShield TeamRead More
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
Hacking News
1 min read

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFr

CyberShield TeamRead More
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
Hacking News
1 min read

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by

CyberShield TeamRead More
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
Hacking News
1 min read

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws ma

CyberShield TeamRead More
AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Hacking News
1 min read

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large

CyberShield TeamRead More
FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
Hacking News
1 min read

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-o

CyberShield TeamRead More
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
Hacking News
1 min read

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat In

CyberShield TeamRead More
Identity Lifecycle Management Wasn't Built for AI Agents
Hacking News
1 min read

Identity Lifecycle Management Wasn't Built for AI Agents

Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across ente

CyberShield TeamRead More
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Hacking News
1 min read

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between

CyberShield TeamRead More
ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
Hacking News
1 min read

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a

CyberShield TeamRead More
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
Hacking News
1 min read

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campa

CyberShield TeamRead More